EV charging stations: a hacker’s best friend

The number of EVs in operation could reach up to 28.3 million in the United States alone, but this should come as no surprise. Usually cheaper to fuel than petrol or diesel vehicles, and typically having fewer parts to repair and maintain, electric cars have rapidly become a viable option for most consumers when looking to upgrade their personal vehicles.

As the number of electric vehicles on the roads continues to increase, so too does the number of personal and commercial vehicles charging ports available to drivers. There are approximately 160,000 EV chargers located within the United States already, with research suggesting over 2.2 million public chargers will be required by 2030. The migration to EVs is being supported at government level, with the Biden Administration pledging to install 500,000 of these chargers as part of its ‘EV Charging Action Plan’.

Eoin Carroll, Co-Chair of the Vehicle Services Work Group at the Trusted Computing Group (TCG) further explores.

Why hackers love charging equipment

From a security perspective, this may lead to devastating results. EV charging stations, or rather Electric Vehicle Supply Equipment (EVSE), can quickly become a gateway for hackers to gain unauthorised access to a vehicle. The majority of EVSEs are remotely managed, and should a hacker access a single station, then it may be trivial to access others found on the same network. Through inherent security flaws within the technology used to charge EVs, an attacker could execute a ‘denial of service’ (DoS) attack, removing an owner’s access to the equipment, leaving them unable to charge their car.

In addition, attackers could infiltrate the communication between a vehicle and the EVSE to obtain sensitive information to be exploited for financial gain. One of the most significant threats comes if a hacker gains the ability to remotely switch chargers on or off: EVSEs are connected to the nation’s energy grid, and if they are instructed to constantly be ‘charging’, then the available power surpluses we rely on can be swiftly drained. This could result in severe damage to critical infrastructure and leave whole nations at the mercy of remorseless hackers expecting a groundbreaking payout.

The need for a proactive response

The only thing more concerning than the attacks is that these flaws have been known for years, yet little action has been taken to rectify them. The Volpe Report, published in 2018 by the US Department of Transportation, outlined several areas of concern when it comes to the security of EVSEs. The findings of the report indicated the EV charging ecosystem demonstrated extremely poor security hygiene, including a lack of basic cybersecurity best practices, trust models, guidelines and testing, making it extremely susceptible to potential attacks.

In 2021, Pen Test Partners shared the results of its 18 month investigation into the security of EVSEs. Sampling six different brands of chargers, as well as the security of some public charging networks, the organisation found vulnerabilities that enabled account hijacks of millions of EV chargers. Many of the platforms tested had significant Application Programming Interface (API) authorisation issues, which allowed account take over and remote control of the EVSE, with one platform shockingly having no authorisation, or even firmware signing, at all. Furthermore, one of the public chargers was found to have an unauthenticated endpoint which potentially exposed all the user and charger data available. The lack of response within the industry to these findings is a cause for concern.

We are now seeing the results of successful attacks against charging infrastructure. In February 2022, EVSEs located along Russia’s M11 motorway were disabled after Ukrainian hackers used a backdoor in the charger’s control system. Pro-Ukrainian messages were also programmed to appear on the station’s display screen. Though uncommon at present, these attacks are likely to increase in frequency and severity in the coming years unless greater steps are taken to mitigate them.

Why ‘trusted computing’ is essential to EVs

Until these issues are resolved, it’s essential that Original Equipment Manufacturers (OEMs) step up and increase the resiliency of EVs. In the event a vehicle comes under attack from a compromised EVSE, malware and other damaging attack methods must not be able to propagate between them. OEMs must therefore implement ‘trusted’ features and software users can rely on.

As vehicle manufacturers become increasingly aware of the threats faced through EVSEs, we are now seeing greater collaboration across the industry to devise new, novel solutions that ensure a trustworthy foundation for EVs. This includes the creation and adoption of the latest standards, specifications and technologies by working with organisations like the Trusted Computing Group (TCG). Through automotive-specific work groups, computing standards organisations are finding themselves uniquely positioned to innovate secure-by-design and resilient solutions for the industry, especially in areas such as EV charging where they are required the most.

This includes the development of an end-to-end security reference architecture for the EV charging ecosystem. For example, in 2023, the TCG’s Vehicle Services Work Group (VSWG) partnered with the Linux Foundation ENERGY EVerest Project (LF EVerest), a consortium of EV charging experts. This project is one of many aiming to promote secure implementation of standards within the automotive industry. Focusing specifically on ISO15118 Plug and Charge (PnC), LF EVerest and TCG are currently developing a trustworthy platform reference to build vendor neutral, interoperable software that bolsters security for EVs.

Part of this work has been to recognise the lack of an industry framework for EV charging applications, and to identify potential options to best secure the ecosystem. The Industrial Internet Security Framework (IISF) holds promise, as it addresses considerations such as security, safety, privacy and resiliency which will all prove essential against the growing threats. Should the concept of trusted computing be instilled as its core, this framework may serve to provide a solid defence against attackers and ensure greater protection for EVSEs.

A more secure future

Looking ahead, EV architectures that incorporate elements such as high-performance compute (HPC) and consolidated control units (ECUs) may present additional challenges to manufacturers when ensuring vehicles remain resilient and secure by design. Leveraging a trusted computing hardware architecture can help manufacturers rise to the challenge and ensure a greater security infrastructure within a vehicle.

What is clear is that the concept of trusted computing will be essential in the fight against attackers. Ensuring this remains the bedrock of any security implementation will be a manufacturer’s best bet to delivering secure vehicles and protect users from potentially devastating hacks. Now, the pressure is on companies within the EV ecosystem to be proactive and rectify the clear cybersecurity issues found within their technology before it’s too late.